Hi, we are releasing GIMP 2.8.22 with various bug fixes. All platforms will benefit from a change to the image window hierarchy in single window mode, which improves painting performance when certain GTK+ themes are used. This version fixes an ancient CVE bug, CVE-2007-3126. Due to this bug, the ICO file import plug-in could be crashed by specially crafted image files. Our attempts to reproduce the bug failed with 2.8 and thus the impact had likely been minimal for years, but now it is gone for good. Users on the Apple macOS platforms will benefit from fixes for crashes during drag&drop and copy&paste operations. On the Microsoft Windows platforms, crashes encountered when using the color picker with special multi-screen setups are gone, and picking the actual color instead of black from anywhere on the screen should finally be possible. For a complete list of changes since 2.8.20 please see the "Changes" section below. Also see the release notes of the 2.8 series at https://www.gimp.org/release-notes/gimp-2.8.html Happy GIMPing, --Michael Download ======== GIMP 2.8.22 is available from: https://www.gimp.org/downloads and the mirrors listed in https://www.gimp.org/downloads/#mirrors Please use the torrents to distribute the download bandwidth across many mirrors. You can also help seeding the packages this way. Direct links to the download directories are available below, these are set up to use a random mirror: https://download.gimp.org/mirror/pub/gimp/v2.8/ https://download.gimp.org/mirror/pub/gimp/v2.8/osx/ https://download.gimp.org/mirror/pub/gimp/v2.8/windows/ SHA1 checksums for the GIMP 2.8.22 downloads are as follows: c894a0d9a864d418bdbd30a22d698c731583e5c4 gimp-2.8.22.tar.bz2 25c276d82da6b9bd07478f9d1d9bd4faccea9d4a gimp-2.8.22-x86_64.dmg cf6fa10746a056ac728a83bd0121b83d645423de gimp-2.8.22-setup.exe Overview of Changes from GIMP 2.8.20 to GIMP 2.8.22 =================================================== GUI: - improve drawing performance in single window mode, especially with pixmap themes macOS DMG: - Make the launcher script also set BABL_PATH - Add patch for GTK+ Bug 743717 to the build which concerns crashes during clipboard operations with a clipboard manager active - Add patch for GTK+ Bug 767091 to the build which concerns crashes on some drag & drop operations - generate OSX package metadata during build Plug-ins: - Fix for CVE-2007-3126, a bug in the ICO plug-in which allowed context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero. We couldn't reproduce any crash in recent version, but fixed the error messages for good measure - Avoid creating wrong layer group structure when importing PSD files (already fixed in 2.8.20, didn't make it to the NEWS) - Prevent a crash in PDF plug-in if images or resolution are large - stop parsing invalid PCX files early and prevent a segmentation fault General: - if NOCONFIGURE is set, autogen.sh won't run configure - VPATH builds for win32 targets have been fixed Updated Translations: - Basque - Brazilian Portuguese - Catalan - Chinese (PRC) - Finnish - Greek - Hungarian - Italian - Kazakh - Norwegian - Polish - Slovenian - Spanish - Swedish Contributors ============ Ell, Jehan, Kristian Rietveld, Marco Ciampa, Massimo Valentini, Michael Natterer, Michael Schumacher, Tobias Stoeckmann, Éric Hoffman Translators =========== Anders Jonsson, Balázs Meskó, Baurzhan Muftakhidinov, Daniel Mustieles, Dimitris Spingos (Δημήτρης Σπίγγος), Fran Dieguez, Inaki Larranaga Murgoitio, Jeff Bai, Jiri Grönroos, Jordi Mas, Kjartan Maraas, Marco Ciampa, Martin Srebotnjak, Piotr Drąg, Rafael Fontenelle -- Regards, Michael GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD
Attachment:
signature.asc
Description: OpenPGP digital signature